In today's technology-driven economy, the need for data privacy and information security has never been greater. As organizations increasingly collect, store and distribute sensitive data, so grows the requirement to protect such information from unauthorized uses. In 2006, it was estimated that 54 percent of information in databases is considered confidential, including employee, customer, financial and supplier information. Approximately one-third of senior-level corporate and technology leaders do not trust their companies ability to protect sensitive data. Information governance has become a universal business mandate, thus placing considerable pressure on organizations worldwide to ensure the protection of sensitive data.
The focus of many organizations has been to secure production data stored and used in IT systems across networks; however organizations are now beginning to realize the importance of protecting data while stored and used outside production environments. Once sensitive data is exposed to individuals in non-production environments, the potential for internal data theft greatly increases. While organizations have been focused primarily on protecting sensitive data from external theft, researchers currently indicate that 70 to 80 percent of all security incidents come from insiders. It has been reported that 35 percent of IT professionals have abused their computer security and information access privileges in an attempt to access proprietary data.
Researchers currently estimate that 45 percent of organizations use live production data in non-production environments for such activities as software development, application testing, quality assurance, training, data mining/research, offshoring and outsourcing. The use of sensitive data for such non-production activities is often strictly prohibited by privacy legislation as well as by organizations' internal privacy policies.
Data masking is a process whereby the information in a database is masked or de-identified to ensure the protection of sensitive information used in non-production environments, while enabling the creation of realistic data without risk of unnecessarily exposing sensitive information. The data masking process enforces ‘need to know access’, minimizing the risks associated with using real production data in non-production environments. It is useful in situations where data is shared with third parties, either on-site, offsite, or offshore. Data masking has emerged as a new product class, and is now used throughout industry in addressing worldwide data privacy problems.
Large organizations typically have a number of database systems that integrate with each other. For instance, a Human Resources system and a Financials system might share certain data to support their respective business functions.
Accordingly, it is desirable to provide a novel and improved method and system for data masking that maintains data integrity across a plurality of inter-related databases.
It is further desirable to provide a novel and improved method and system for data masking that permits reversal of data masking for use in conjunction with unmasked databases.